back to article New Tosh drive can wipe out 4TB 'near instantaneously'

Toshiba has whipped out its own enterprise-class 4TB hard drive just days after Western Digital revealed a 4TB disk. Toshiba 4TB MG Series Toshiba's 4TB MG series Tosh will build the rival drive at the 3.5-inch disk factory it bought from WD. Western Digital had to sell the plant in order to placate China's MOFCOM …

COMMENTS

This topic is closed for new posts.
  1. Captain Underpants
    Boffin

    So how does near-instantaneous drive erasure work?

    Is the whole drive encrypted with a key stored in the disk controller, with a one-way key deletion routine engaged when the Sanitize option is engaged? Is there some variation on this on a per-platter basis? Or is it something else?

    I can see the potential usefulness for such a function, I'm just intrigued as to how it would work to be sufficiently fast and reliable.

    1. Anonymous Coward
      Anonymous Coward

      Yes - I believe that is how it works (or did on the smaller drives for laptops). Basically you can remove the key and the contents are as good as erased.

      Assuming, of course, no hidden way to recover older keys... <dons tin foil hat>

      1. Destroy All Monsters Silver badge
        Devil

        Picture some gal (mysteriously wearing bondage accessories) from "CSI Army/Navy/Whatever" wheeling in the Atomic Force Microscope while the Guys In Blue keep you in check with hotloaded MP5s...

      2. Yet Another Anonymous coward Silver badge

        Or that the encryption is just "RANDOM_STRING" XORed with the start of each block.

    2. Pet Peeve
      Boffin

      Yep, that's exactly right. Apple uses the same trick for the instant remote wipe option on iphones - the whole drive is encrypted using a key that's stored in a secure store (similar to what used the be called "Palladium"), and when a wipe is requested, the key itself is deleted and written over. Shazam, you instantly have a drive image filled with random noise.

    3. Oddb0d

      The truth is that comparitively few people know what the sanitize/secure erase commands really do. The ATA spec only defines the commands, implementation is left to manufacturers.

      The key overwrite idea is simple, logical and probably correct, but only Toshiba knows for sure.

    4. Alan Firminger

      I don't believe it

      The algorithm will be known to the spooks. So find the key from perhaps 1TB of cybertext, there are plenty of supercomputers around the world dedicated to that purpose.

  2. JaitcH
    Meh

    And after the Plod / Border Agency type have retreated ...

    can the data be recovered?

    And if sold in the US will there be a back door marked NSA?

    1. Pet Peeve
      Black Helicopters

      Re: And after the Plod / Border Agency type have retreated ...

      The only way it would be recoverable is if the key is hidden away someplace before the wipe. While this is certainly possible, it's pretty unlikely - if word ever got out that the wipe was reversible, the company would be sued into the stone age.

      On the other hand, the warranty might give you a clue. If they don't guarantee in the warranty that a wiped drive is unrecoverable, then you can bet there IS a hidden keystore.

  3. Ian Yates
    Flame

    "WD's three-platter 4TB SATA product now faces competition from Toshiba's [...] five 800GB platters"

    Err... unless WD's drives have a large failure/corruption rate, I don't personally see that as much of a competition.

    Even if Tosh's prices are significantly lower, the power and heat reduction are normally enough to convince those with the PO-power.

    1. Gerhard den Hollander

      5 better then 3 ?

      it's been ages since I've done benchmarks on this, but arent more platter supposed to give better read performance ?

      And better write performance as well, because if done properly, the r/w can be done by 5 heads at a time in stead of 3 ?

      Or is there something Im not seeing ?

      1. Ian Yates
        Boffin

        Re: 5 better then 3 ?

        Probably true. I'm possibly a little short-sighted in that the environments I've worked have either weighed on the stable-cheap-large side (where my gut says three platters would be best) or the get-it-fast side (where we've had the budget to build large SSD arrays).

        I've not personally bench-marked on the performance difference in the number of platters, but you've piqued my interested to have a look around.

      2. John 172
        Facepalm

        Re: 5 better then 3 ?

        No, each platter density increase, increases the density of the data on the platter... i.e. denser platters being spun at the same speed as less dense platters equal more data being written/read from the denser platters compared the the less dense platters. i.e. fewer but denser platters are faster and more less dense platters. Check the disk data sheets out for confirmation.

        1. Steve Knox
          Boffin

          Re: 5 better then 3 ?

          Here's how the platters/density debate stacks up, from first principles:

          Picture a drive with one platter and two cylinders. With heads on each side, this gives you the potential to read/write two tracks at once out of the four total.

          Now quadruple your data by adding three more platters and you can read eight tracks at once out of the sixteen total. Consequently, your sequential read speed quadruples.

          However, it take the same amount of time to seek between the two cylinders as it did before, so random performance doesn't increase much.

          If instead you quadrupled the density of the drive, you'd now have one platter with four cylinders each with twice as much data per track.

          So your sequential read speed doubles, but your seek time also decreases (because the cylinders are closer together, reducing head travel time), improving random performance.

          In short, if you want raw sequential performance, increase the number of platters. If you want random performance, increase density. If you want to store gobs of data, increase both.

      3. DeepStorage

        Re: 5 better then 3 ?

        In the 1990s drive vendors switched from a dedicated servo surface to servo information embedded between the data sectors on each surface. As a result the drive adjusts to put the active head in the middle of each track based on the servo positioning data embedded in the data surface for that head.

        This allowed tighter track spacing but eliminated the ability to use heads in parallel. When the drive switches heads it has to reposition to align with that head's data. On many drives moving track to track is actually faster than head to head.

  4. Dave 126 Silver badge

    Not as much fun as having your NAS mounted in a large, pre-strung catapult.

    1. Fatman

      RE: Not as much fun as having your NAS mounted in a large, pre-strung catapult.

      Not me, I would rather have a certain mangler(1) mounted in a large, pre-strung catapult, with a remotely controlled release mechanism.

      (1) Read that as a former boss.

  5. Anonymous Coward
    Anonymous Coward

    I don't trust these not to have back doors.

    The only way to be sure your data is erased is to fling a block of ice at the site it with a railgun.

    1. Pet Peeve
      Big Brother

      Re: I don't trust these not to have back doors.

      I think it's a step in the right direction. There's never anything bad about making strong encryption more common - it makes for easier plausible deniability when you really ARE encrypting something important.

      However, this will not change my bulk erase process either. I don't use a railgun, but when I want to "erase" a hard drive, I take it down to the shop and punch multiple holes all the way through the case with a drill press. Try to recover THAT.

      1. Tom 7 Silver badge

        Re: I don't trust these not to have back doors.

        Not convinced even that's enough - when I were a lad floppy disks had holes in them to indicate sector start!

        You'd be surprised how much information can be retrieved from a section of broken platter - the densities on today's means you can get a whole library onto a nail head.

        If you can use a weapons grade eraser on a drive then considerable heat is the only way - if a health hazard and probably illegal.

      2. Irongut Silver badge
        Thumb Down

        Re: I don't trust these not to have back doors.

        I remember seeing a demonstration 20 years ago from a data recovery firm who punched a pencil through a floppy and then recovered all the data apart from the bit that was in the hole. An HDD with drill holes should be just as recoverable (although quite expensive).

        1. Danny 14 Silver badge

          Re: I don't trust these not to have back doors.

          giant degausser

          1. Adam Azarchs
            Boffin

            Re: Giant degausser

            Modern drive heads don't actually read absolute magnetization. Instead, they read relative magnetization from one sector to the next. Those sectors are very, very close together so any macroscopic magnet is going to hit all of the neighboring sectors almost as hard as the target sector, meaning no change in relative magnetization. Once you hit saturation, you can start breaking data, but experiment shows that the fields needed to get to that point are sufficient to physically rip the platter apart. Your best bet by far is the sector-local fields you can generate with the write head of an operating drive, even compared to physical destruction.

            This is not to say that magnets are harmless to hard drives - they can cause head crashes in a running drive. But if you're worried about NSA-level data recovery efforts, a giant degausser will do nearly nothing to corrupt the data.

        2. Pet Peeve
          Boffin

          Not the same thing

          Fun topic! The areal density of floppies was so low that you could practically read them with magnetic ink (does that still exist? I vaguely remember seeing it used to diagnose a problem with a mainframe tape, decades ago) and a magnifying glass. Modern hard drives? Not so much.

          I mean, if the world depended on it, maybe you could make some kind of crazy device that could get at the tiny domains on a modern hard drive platte without being able to spin it, but wow, that would be difficult.

          Besides that, the magnetic substrate on the drive is REALLY thin - driving a drill through the platter is going to delaminate the hell out of it, and now your data is dust in the air. And then you have laptop drives, where the platter seems to be made of some kind of glass and shatters into a billion pieces when the drill bit hits it.

          FYI - it is next to impossible to use a degausser on a modern hard disk and actually erase everything. If you took the platters out and ran them directly over the magnet, MAYBE you'll erase some of it with each pass. But if you've done that, you may as well use a sanding wheel on the platter, since the drive is never going to work again anyway.

      3. Fatman

        Re: I don't trust these not to have back doors...Try to recover THAT.

        My preferred method of data security:

        http://www.youtube.com/watch?v=yd_O7-rqcHc

        Although I am not specifically endorsing this company, just the method.

        Also, at about 2:55 into this one, is another method:

        http://www.youtube.com/watch?v=oNcaIQMjbM8

        quite effective.

  6. Steve Davies 3 Silver badge
    FAIL

    Oh Dear. Another target for the Virus writers to go after

    They must be rubbing their hands with glee at the thought of writting some malware that goes around doing this 'just for Kicks'. This is just a far too tempting target to not go after.

    The more enterprising of them might even look at turning other types/makes of drives into doorstops.

    What are the people at Toshiba thinking of?

    1. Brewster's Angle Grinder Silver badge

      Re: Oh Dear. Another target for the Virus writers to go after

      "What are the people at Toshiba thinking of?"

      Sales.

      If a haXX0r can issue ATA commands directly to the drive, then you're fucked one way or another. And from that point, a full restore is the only way to trust the data.

    2. DJ Smiley
      Devil

      Re: Oh Dear. Another target for the Virus writers to go after

      When was the last time you actually saw a destructive virus?

      The virus writers are just rubbing their hands in glee at the mess which is windows 8, causing everyone to stay on 7/XP

    3. Lord Elpuss Silver badge
      Black Helicopters

      Re: Oh Dear. Another target for the Virus writers to go after

      Not a lot of point in hackers going after this; viruses these days are almost all designed to generate money for the writer one way or another, and destroying the data won't net them a penny.

      Of course if they could somehow copy the key before invoking the scramble command, then it might be a useful blackmail tactic...

    4. Esskay
      Happy

      Re: Oh Dear. Another target for the Virus writers to go after

      I'm sure there are plenty of politicians and CEOs who would find an "instant scramble" feature *very* appealing...

      1. Anonymous C0ward
        Devil

        Re: Oh Dear. Another target for the Virus writers to go after

        When I were a lad, viruses actually did something.

  7. h3

    Dunno about this.

    Enterprise grade drive that you cannot boot from properly (At least with RHEL6 last time I checked).

    I thought Enterprise grade drives were 2.5" 15krpm SAS (512k sectors).

    OS support other than Windows 2012 is not good for 4k sectors. Raid card support for it is another issue.

    I also thought enterprise disk systems needed lots of spindles. (Hence the 2.5"). Otherwise you might as well just use 2 enterprise grade SSD's in Raid1 and some type of SAN.

    Dealing with alignment is a pita. (I don't think it is worth it in a commercial setting).

    1. pixl97

      Re: Dunno about this.

      Why can't you boot from it properly? That said, I always create a smaller /boot GPT partition so if I have to boot off a tools cd it doesn't freak out.

      Do enterprises just spend a lot of money on stuff like small 15k drives and raid cards and drive bays if they're making bulk disk storage that's not accessed often? Or do you just commonly fill up the $250k san with long term files? Have you priced 1TB of RAID1 enterprise SSD storage?

      Raid cards with support exist, don't piecemeal crap together. A set of 4TB disk can saturate older sata standards on streaming reads, so it's likely that most people will be putting disks this large in new systems.

      Data alignment is an issue with 512b sectors, not just 4k sectors, get used to it when dealing with raids.

      http://www.mysqlperformanceblog.com/2011/06/09/aligning-io-on-a-hard-disk-raid-the-theory/

    2. Nexox Enigma

      Re: Dunno about this.

      You seem to be forgetting that there are some other enterprise operating systems (besides Windows 2012) that have supported 4k sectors (and automagical alignment, the sysadmin doesn't even have to know what 'alignment' means) for years.

      And while some enterprise workloads make the price bump for a 15k 2.5" drive worthwhile, there are other workloads that don't demand the performance, and thus work fine with cheaper, higher capacity disks. Just like how plenty of enterprise workloads work well on 'consumer' SSDs, for a large cost savings.

  8. My Alter Ego
    Coat

    Toshiba have always had this capability

    It's just that it now happens at the click of a button rather that when you're least expecting it.

  9. Mondo the Magnificent
    Holmes

    Toshiba's self erasing 4TB spinner

    Soon to be on the shopping list of every paedophile, wannabe terrorist, conspiracy theorist and the extremely paranoid...

    Who knows, perhaps Whitehall and The White House may invest in some...

    1. Lord Elpuss Silver badge

      Re: Toshiba's self erasing 4TB spinner

      Absolutely agree - but I also wonder what'll happen if the Polis confiscate one of these, manage to scramble it with a butterfingers forensic IT analysis, and then tell the hapless owner he'll be prosecuted unless he can produce the decryption key.

      Secure crypto systems such as this are probably necessary in the enterprise, but for individuals I see more risk than benefit.

    2. LateNightLarry
      FAIL

      Re: Toshiba's self erasing 4TB spinner

      I'm sure Mitt Romney would have wanted something like this when he left the MA governor's office... would have save a lot of time in erasing the records of his office and staff.

      Fail because Romney failed at reality.

  10. This post has been deleted by its author

    1. Crisp

      Re: I imagine...

      We've got a good few years before legislation catches up with the technology.

    2. Anonymous Coward
      Anonymous Coward

      Re: I imagine...

      The decryption keys are no use if the data necessary to use them has been destroyed, and the court will have a whale of a time proving you tried to destroy evidence with all of the evidence actually being destroyed.

    3. Tieger

      Re: I imagine...

      as i recall previous discussions, you only need to hand it over if you possess it. which you wouldnt. if they tried to prosecute on that basis, it would be fairly easy to say 'i'd love to, but sadly as you can see in the manual, its a one-way encryption'. even if you triggered it as they stormed the stairs, you could probably say 'i didnt know it was police coming up the stairs, i thought it was some business competitors so i erased it. the same data is on these drives if you'd like to take a look?' and they'd be hard pressed to prove you wrong.

      in terms of disposal of old drives though - it saves money on shotgun cartridges, i suppose.

    4. Pet Peeve
      Coat

      Re: I imagine...

      Sorry, your honor, but I don't HAVE the encryption keys, nobody does. Oh, and the drive has holes drilled in it.

    5. Mike Tubby
      Black Helicopters

      Re: I imagine...

      ... but you cannot be *made* to hand over something that you don't have :-)

      I suspect that the crypto key will be something like hmac_sha256(<drive serial number>, "TOSHIBA") and therefore easily regenerated when needed (the strong "TOSHIBA" might actually be a secret that is "lawfully available" to government types ... buit there again it might turn up in the drive controller firmware... thinks DeCSS ;-)

      G

      1. Anonymous Coward
        Anonymous Coward

        Re: I imagine...

        ... but you cannot be *made* to hand over something that you don't have :-)

        It depends on the competence of the judge to see if you get away with "I nuked it *before* you slapped a RIPA warrant on me". Personally, I wouldn't bet on it.

        1. Anonymous Coward
          Anonymous Coward

          Re: I imagine...

          <i> > It depends on the competence of the judge to see if you get away with "I nuked it *before* you slapped a RIPA warrant on me". Personally, I wouldn't bet on it.</i>

          I suspect that even if you got away with that they would just do you for obstruction of justice.

          1. Anonymous Coward
            Anonymous Coward

            Re: I imagine...

            > I suspect that even if you got away with that they would just do you for obstruction of justice.

            I would imagine that they would have to have some evidence other than the content of the hard drive, to suggest that you were up to no good otherwise how can they construct a case against you without the disk image?

            If the seizure was a fishing expedition, then they couldn't really get away with charging you for the destruction of your own property, which is not illegal. It only becomes evidence once they seize it.

    6. jonathanb Silver badge

      Re: I imagine...

      I already handed over the decryption key, it was on the disk, and I don't have any other copies.

      1. Pawel 1
        Unhappy

        Re: I imagine...

        How about some "evidence destroying" charge?

  11. andy gibson
    Happy

    Blank drives = suspicion

    Nothing arouses suspicion more than a blank hard drive in a PC. What the utility needs to do is overwrite the drive with a two year old copy of XP, full of useless documents, holiday pics and other rubbish accumulated over time.

  12. ehoffman

    Backdoor?

    The problem with those products is that even if the key is changed (and the data can't be decrypted with the new key, thus, destroyed), there is always a possibility that the previous keys are kept in the chip.

    So, let's say that you put some data on it delete it, and Mr. Joe get it.

    - Mr. Joe - Hello Manufacturer, I have "accidentally erased my disk". Is there something I can do about it?

    - Manufacturer - Ah, this brand of disk... No! It's designed to be non-recoverable...

    And now, let's say that you put some really bad data on it, delete it, and NSA get it.

    - NSA - Hello Manufacturer, I have this disk that is "erased". Is there something I can do about it?

    - Manufacturer - Here's a software. Run it and tell me the disk serial #.

    - NSA - Ok. Disk is S/N: SN12345

    - Manufacturer - (Punching some numbers...) Ok, here is the backdoor key for this disk. You can use the software to revert to any of the previous encryption keys used in that specific disk.

    The same hold true for "secure" flash memory, "secure" usb thumb drives, etc.

    The point is either: You need to trust the manufacturer... Or you don't do anything bad that can get you in the hand of the FBI, NSA, etc with those devices :-) Do the second option, never rely on the first one!

    1. Anonymous Coward
      Anonymous Coward

      Re: Backdoor?

      If you have TLAs after you, you have bigger trouble than what method you used to erase your hard drive.

    2. Oddb0d
      Stop

      Re: Backdoor?

      An important point that you've ignored is that those same agencies need storage media just as much as anybody else, at some point they also need to dispose of that media. As a point of fact the NSA was, up until 2008, a sponsor of the research to implement fast secure drive erasure in the first place.

      Lacking any evidence to support your bizarre hypothesis, try this simple question putting yourself in the place of the NSA. Is it practical to procure backdoor-free storage without having someone audit the firmware of every drive manufactured?

  13. Tim Jenkins
    Flame

    Bang, and the dirt is gone.

    35mm film canister of thermite, magesium ribbon, external HDD caddy.

    You can even buy them ready made with a built in safety fuse:

    http://www.alibaba.com/product-free/112717680/thermite_fire_starter.html

    1. Pet Peeve
      Mushroom

      Re: Bang, and the dirt is gone.

      Um, wow. I don't know whether to say that's insane, or that's MAGNIFICENT. I think I'll go with magnificently insane.

    2. Anonymous C0ward

      Re: Bang, and the dirt is gone.

      Enjoy your burnt desk, floor, ceiling below, etc.

  14. phuzz Silver badge
    Holmes

    Has anyone EVER successfully recovered data from a HDD that's been overwritten once with random bits?

    I know there's plenty of tinfoil-hat wearing supposition that a government could potentially recover data using an atomic microscope, but that was theoretical at best years ago, when data capacity and densities were much smaller.

    Even if (and it's a very big if) the NSA/GCHQ could recover data from an overwritten hard drive, are you really self centred enough to think that your data would receive that level of attention? In the UK the police can barely afford squad cars, let alone competent data forensics.

    1. Pet Peeve
      Boffin

      Historically, yes, absolutely. MFM drives were unerasable through at least one rewrite cycle. As noted above, tapes and floppies could even be read optically with the right materials (flux-sensitive ink).

      I'm pretty skeptical that modern drives can be read the same way thiough, especially after a DOD wipe.

    2. Oddb0d

      Possible? Yes. Practical? Not yet, maybe never.

      Yes I believe so but there's a big catch, the researchers claim to have done it knew exactly what data they were looking for in advance! To the best of my knowledge nobody has ever successfully performed recovery of unknown data from an overwritten hard disk. For more on the topic see "Overwriting Hard Drive Data: The Great Wiping Controversy" by Craig Wright, Dave Kleiman & Shyaam Sundhar.

      The hardcore method of forensic recovery (beyond part swapping) from a failing/failed/overwritten disk is still expensive and time consuming even for large orgs, for further reading see the book "Spin-stand Microscopy of Hard Disk Data" by Isaak Mayergoyz and Chun Tse.

      Put it this way, the Centre for Magnetic Recording Research at UC San Diego have been unable to recover anything from overwritten hard disks that employ PRML (i.e. all modern hard disks), this is important because this was the institution that requested T13 & T10 add the sanitize commands to the ATA & SCSI standards.

  15. N2 Silver badge

    Instant wipeout

    This seems like a good idea where there are a lot of drives, if it works. I cant say it took me very long to destroy discs with a hammer & punch, but where there may be thousands of drives this will be a useful facility.

    I can also see it being the choice of drive for pron stars, who may need to destroy their cache!

  16. Alan Brown Silver badge

    @phuzz

    Petere Gutmann wrote a followup some years ago, to the research he'd put out showing MFM drives could be read with an electron microscope.

    Basically: That research relied on drives using stepper motors. He's been unable to replicate it on voice coil drives and feels it's beyond even the TLA crowd on 1Gb+ drives. He also recommends using ATA enhanced security Erase over 50 random rewrites, because that will get the spare sectors too, while overwrites won't.

    If you're paranoid, melt the drive down.

  17. Giggitygoebbels
    Mushroom

    Why?

    I just got a 3tb toshiba hard drive a few weeks ago.if I knew this I will get this instead

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021